What Authentication Modes Are Used by the LNS to Authenticate Users?
The LNS can authenticate users in three modes: proxy authentication, forced CHAP authentication, and LCP re-negotiation. LCP re-negotiation has the highest priority.
LCP re-negotiation: It uses the authentication mode configured on the corresponding VT interface.
Forced CHAP authentication: If only forced CHAP authentication is configured, the LNS performs CHAP authentication over users.
Proxy authentication: If neither LCP re-negotiation nor forced CHAP authentication is configured, the LNS performs proxy authentication over users.
In this case, the LAC sends all authentication information obtained from users to the LNS, which authenticates users based on received authentication information and local configurations. In proxy authentication, the LNS uses the authentication mode configured on the LAC. There is only one exception. If the authentication mode configured for the VT interface is CHAP but that on the LAC is PAP, authentication fails and sessions cannot be set up because the priority of CHAP authentication required by the LNS is higher than that of PAP authentication provided by the LAC.